A technical analysis of the BackMyData ransomware used to attack hospitals in Romania – CYBER GEEKS
Common Information
Type Value
UUID 72fa1a0c-6cf9-4190-a78b-2173acdcbc53
Fingerprint ad21791b387d9241
Analysis status DONE
Considered CTI value 0
Text language
Published Feb. 19, 2024, midnight
Added to db Aug. 31, 2024, 2:31 a.m.
Last updated Nov. 17, 2024, 6:54 p.m.
Headline A technical analysis of the BackMyData ransomware used to attack hospitals in Romania
Title A technical analysis of the BackMyData ransomware used to attack hospitals in Romania – CYBER GEEKS
Detected Hints/Tags/Attributes 55/2/52
RSS Feed
Id | Enabled | Feed title | Url | Added to db
91 | | CYBER GEEKS | https://cybergeeks.tech/feed/ | 2024-08-30 22:08
Attributes
Type | #Events | CTI Value | Value
Domain | 38 | | ntdetect.com
Domain | 66 | | www.malwarebytes.com
Domain | 261 | | blog.talosintelligence.com
File | 65 | | info.txt
File | 1260 | | explorer.exe
File | 120 | | boot.ini
File | 90 | | bootfont.bin
File | 38 | | io.sys
File | 46 | | msftesql.exe
File | 58 | | sqlagent.exe
File | 62 | | sqlbrowser.exe
File | 119 | | sqlservr.exe
File | 66 | | sqlwriter.exe
File | 67 | | oracle.exe
File | 57 | | ocssd.exe
File | 61 | | dbsnmp.exe
File | 57 | | synctime.exe
File | 57 | | agntsvc.exe
File | 57 | | mydesktopqos.exe
File | 54 | | isqlplussvc.exe
File | 56 | | xfssvccon.exe
File | 60 | | mydesktopservice.exe
File | 57 | | ocautoupds.exe
File | 57 | | encsvc.exe
File | 41 | | firefoxconfig.exe
File | 55 | | tbirdconfig.exe
File | 57 | | ocomm.exe
File | 57 | | mysqld.exe
File | 43 | | mysqld-nt.exe
File | 40 | | mysqld-opt.exe
File | 58 | | dbeng50.exe
File | 55 | | sqbcoreservice.exe
File | 199 | | excel.exe
File | 52 | | infopath.exe
File | 91 | | msaccess.exe
File | 102 | | mspub.exe
File | 74 | | onenote.exe
File | 173 | | outlook.exe
File | 92 | | powerpnt.exe
File | 99 | | steam.exe
File | 58 | | thebat.exe
File | 35 | | thebat64.exe
File | 63 | | thunderbird.exe
File | 86 | | visio.exe
File | 323 | | winword.exe
File | 90 | | wordpad.exe
File | 2125 | | cmd.exe
sha256 | 1 | | 396a2f2dd09c936e93d250e8467ac7a9c0a923ea7f9a395e63c375b877a399a6
Url | 1 | | https://www.malwarebytes.com/blog/news/2019/07/a-deep-dive-into-phobos-ransomware
Url | 1 | | https://blog.talosintelligence.com/deep-dive-into-phobos-ransomware
Windows Registry Key | 493 | | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
Windows Registry Key | 582 | | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run